{"url":"http://public2.vulnerablecode.io/api/packages/54995?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9","type":"maven","namespace":"com.fasterxml.jackson.core","name":"jackson-databind","version":"2.8.9","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.8.10","latest_non_vulnerable_version":"2.16.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39380?format=json","vulnerability_id":"VCID-rg7k-kaxv-2ubx","summary":"Deserialization of Untrusted Data\nA deserialization flaw was discovered in jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the `readValue` method of the `ObjectMapper`.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1462702","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1462702"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/1599","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FasterXML/jackson-databind/issues/1599"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/1723","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FasterXML/jackson-databind/issues/1723"},{"reference_url":"https://github.com/FasterXML/jackson-databind/issues/1737","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/FasterXML/jackson-databind/issues/1737"},{"reference_url":"https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true","reference_id":"","reference_type":"","scores":[],"url":"https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true"},{"reference_url":"http://www.securityfocus.com/bid/99623","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99623"},{"referenc
e_url":"http://www.securitytracker.com/id/1039744","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039744"},{"reference_url":"http://www.securitytracker.com/id/1039947","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039947"},{"reference_url":"http://www.securitytracker.com/id/1040360","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040360"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7525","reference_id":"CVE-2017-7525","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7525"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54993?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.6.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/54994?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.7.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/54995?format=json","purl":"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9"}],"aliases":["CVE-2017-7525"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rg7k-kaxv-2ubx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.8.9"}